Hi [[ session.user.profile.firstName ]]

Cloud Security Alliance: CloudBytes

  • Date
  • Rating
  • Views
  • Using Machine Learning to Detect Command Line Anomalies
    Using Machine Learning to Detect Command Line Anomalies
    Andrei Cotaie and Tiberiu Boros of Adobe Recorded: Nov 13 2018 52 mins
    As we all know, cybersecurity is often a game of cat and mouse - attackers are always trying to outsmart us defenders. At Adobe, we face the same issues and concerns as all the other major companies. We must ask ourselves simple questions with non-simple answers: How do we ensure that all assets are protected? How do we ensure that our employees are secure from the outside threats? How can we mitigate future emerging threats? Attackers will always try to find the next unconventional attack that will bypass our security systems and our security mindset. In this case, how do we protect our self from the unknown? We believe machine learning techniques can assist us in this defense. This presentation will discuss one of our current machine learning innovations that is helping us detect anomalies in command lines. Command line interfaces are frequently used by users, system administrators and applications alike. Many applications launch console scripts to perform tasks, especially in cloud services where conformity in service environments is also helpful for security. When they can, attackers do like to leverage those native system capabilities. This presentation will discuss machine learning methods developed by Adobe computer scientists to help detect anomalies in command line scripts and calls to help prevent these types of attacks.
  • Protecting What’s Left: Cloud Security in the Serverless Age
    Protecting What’s Left: Cloud Security in the Serverless Age
    Edward Smith of Cloud Passage Recorded: Nov 8 2018 40 mins
    Serverless architectures and FaaS services such as AWS Lambda make application development scalable, easy, and cheap. Plus, there’s no server to maintain or patch! But just because there’s no server doesn't mean there’s nothing to secure. Serverless services and their dependencies still need to be used and configured correctly, which is why it’s important to maintain security visibility into your serverless architecture.

    Join CloudPassage for an introduction on protecting serverless applications and underlying infrastructure and learn:

    - What a serverless application looks like from a security perspective

    - What threats, risks, and potential vulnerabilities could be leaving your organization exposed

    - Steps you can take to secure your serverless architecture
  • Data Breach Myths vs. Reality
    Data Breach Myths vs. Reality
    Sami Laine of Okta Recorded: Oct 25 2018 31 mins
    Data breaches can happen to any organization, so it's important to understand your organization's risk of a data breach. But where should you start your assessment? What practical and pragmatic steps can you take?

    In this presentation, we'll discuss the myths vs. the realities on how:

    - Breaches happen

    - The rapidly growing cloud and SaaS adoption changes the game for
    defenders

    - Identity-driven security can help reduce the probability of a breach happening to your organization
  • How to Phish Your Employees For Functional Security
    How to Phish Your Employees For Functional Security
    Josh Green of Duo Security Recorded: Oct 18 2018 45 mins
    More than 90% of reported data breaches and security incidents in 2016 involved a successful phishing attack*. Attackers rely on phishing as a primary strategy because it continues to be both effective and efficient, as users remain the most vulnerable attack vector.

    The best defense against phishing is proactively educating your users, through a shame-free campaign that prepares them for real-world phishing attempts. Along with teaching your users what to watch for, an internal phishing exercise can result in faster user reports of possible phish attempts and reinforce your security response plan.

    In this webinar, you will learn how to:

    - Quickly and easily assess your security posture
    - Help build the business case for addressing your organization’s security needs
    - Build and deploy effective phishing simulations within minutes
    - Identify vulnerable users and devices
    - Increase the speed of user reporting for possible phishing messages

    * Verizon 2017 Data Breach Investigations Report, page 30
  • Discovering a Competitive Advantage with ISO 27001 Certification
    Discovering a Competitive Advantage with ISO 27001 Certification
    Jason Eubanks, CRISC, ISO 27001 Lead Auditor, Principal Consultant, Lockpath Recorded: Oct 11 2018 41 mins
    Organizations with mature, enterprise-wide information security risk management programs enjoy a competitive advantage, thanks to ISO 27001 certification that signifies an international standard for safeguarding information. In this webinar, Lockpath's Jason Eubanks, a governance, risk management, and compliance (GRC) consultant and former ISO auditor, will share the business case for earning ISO 27001 certification and the critical role of technology in implementing a successful information security management system (ISMS).

    You'll learn:
    •Challenges and pitfalls with ISO 27001 certification
    •Tips on establishing and maturing an ISMS
    •Strategies for preparing and passing ISO audits
    •Technology's role in earning and maintaining certification

    Learn how ISO 27001 can give you a competitive advantage and strategies for earning certification. Register now to attend this educational webinar.
  • Crypto Conflagration and Securing the Cryptocurrency Ecosystem
    Crypto Conflagration and Securing the Cryptocurrency Ecosystem
    Chris Wysopal, Co-Founder and Chief Technology Officer at CA Veracode Recorded: Oct 4 2018 41 mins
    Not only do cryptocurrencies rely on blockchain for their security, but they also rely on an ecosystem of software that runs exchanges, wallets, smart contracts and more. This software ecosystem, as well as the infrastructure on which it runs are required to be secure. Whether you are a builder, investor, or consumer- this webinar will help you learn how to identify the vulnerable aspects of the software that powers the cryptocurrency ecosystem - and how to avoid them.
  • Past the Perimeter: Earned Access Through A Zero-Trust Model
    Past the Perimeter: Earned Access Through A Zero-Trust Model
    Zoe Lindsey of Duo Security Recorded: Sep 27 2018 47 mins
    Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. To do this, companies must ensure that users and their devices meet the same security controls, whether they’re outside or inside the network perimeter.

    Duo adopted the “zero-trust network” model to solve this challenge. All networks and devices are treated as untrusted until proven otherwise, and their health is checked each time a user connects to a protected resource. This approach depends on visibility into whether basic device and network security standards are met. It also requires the ability to enforce granular policy controls based on the results of that health check.

    The perimeter is disappearing, and it’s not coming back… find out how you can get a head start on what’s next.
  • Cloud–delivered Security: Why It’s Your Best Bet
    Cloud–delivered Security: Why It’s Your Best Bet
    Greg Mayfield of Tenable Recorded: Sep 20 2018 48 mins
    On-prem vs Cloud-based security? It’s an ongoing debate that SecOps teams face daily.

    With cloud adoption continuing to be a top business initiative, SecOps teams must adapt or risk falling behind. As most on-prem security tools don’t work in the cloud and suffer limitations, SecOps teams are faced with a myriad of new technologies and tools to implement to protect their critical assets. This can be overwhelming as numerous options abound.

    As the attack surface evolves and expands in the cloud, understanding the current state of assets and assessing their risk is an essential first step. Achieving continuous visibility and protection is then the following challenge. This webinar will discuss the opportunities and benefits that SecOps teams face by utilizing cloud-delivered security solutions vs. traditional on-prem solutions.
  • Can the Maturity of Your Cloud Security Strategy Make or Break Your Organization
    Can the Maturity of Your Cloud Security Strategy Make or Break Your Organization
    Scott Hogrefe, VP of Marketing at Netskope, and Doug Cahill, Senior Analyst at ESG Recorded: Sep 13 2018 65 mins
    New research from Enterprise Strategy Group and Netskope shows that there are business ramifications when it comes to your approach to cloud security.

    Join senior ESG cybersecurity analyst Doug Cahill and Netskope VP Marketing Scott Hogrefe for this webinar to get a deep dive into this research and understand how being a cloud "Discoverer," "Controler," or "Enabler" can make a difference for your organization and your career.

    What you'll learn by attending this webinar:
    - Find out if the risks from threats or data loss increase as you change your strategy
    - Understand the steps other organizations are taking to improve the maturity of their cloud security strategy
    - See how you compare to other organizations
  • Improving Cloud Hygiene
    Improving Cloud Hygiene
    Scott Pack, Lead Cloud Security Engineer, and Dhwaj Agrawal, Computer Scientist at Adobe Recorded: Sep 6 2018 56 mins
    As one of the first companies to commit wholly to the cloud, we have learned a lot about how to keep our security hygiene levels up even as we support rapid development and deployment cycles. Part of this effort is the development of an internal tool called MAVLink. MAVLink enables us to collect and analyze security data from our cloud infrastructure providers, provide context for application and log data sources, and collect evidence of security controls to make the best decisions possible in keeping Adobe and our customers safe from threats.

    This presentation will discuss…
    - Why we developed MAVLink
    - MAVLink's major capabilities
    - How MAVLink integrates with our cloud infrastructure providers including AWS and Microsoft Azure
    - How we are using MAVLinkto constantly improve our cloud hygiene

    We hope this information will be useful to you as you consider your own best practices and tooling around cloud applications. It will be a serverless cross-cloudy security adventure!

Embed in website or blog